{"id":258904,"date":"2025-12-04T02:59:29","date_gmt":"2025-12-04T02:59:29","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/nhr-secure-protect-admin-debug-logs-limit-logins\/"},"modified":"2026-02-07T08:30:08","modified_gmt":"2026-02-07T08:30:08","slug":"nhrrob-secure","status":"publish","type":"plugin","link":"https:\/\/sna.wordpress.org\/plugins\/nhrrob-secure\/","author":18706776,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.3.1","stable_tag":"1.3.1","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"NHR Secure \u2013 Login Security, Firewall, 2FA & Audit Log","header_author":"Nazmul Hasan Robin","header_description":"Lightweight WordPress security plugin that protects your admin area, hides debug logs, and limits login attempts. Minimal code, maximum protection.","assets_banners_color":"8878e9","last_updated":"2026-02-07 08:30:08","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"http:\/\/wordpress.org\/plugins\/nhrrob-secure\/","header_author_uri":"https:\/\/profiles.wordpress.org\/nhrrob\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":434,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.2":{"tag":"1.0.2","author":"nhrrob","date":"2025-12-04 02:58:55"},"1.0.3":{"tag":"1.0.3","author":"nhrrob","date":"2026-01-07 02:02:45"},"1.0.4":{"tag":"1.0.4","author":"nhrrob","date":"2026-01-09 09:30:04"},"1.0.5":{"tag":"1.0.5","author":"nhrrob","date":"2026-01-11 05:07:32"},"1.0.6":{"tag":"1.0.6","author":"nhrrob","date":"2026-01-11 16:27:39"},"1.1.0":{"tag":"1.1.0","author":"nhrrob","date":"2026-01-12 19:45:58"},"1.2.0":{"tag":"1.2.0","author":"nhrrob","date":"2026-01-16 20:03:48"},"1.3.0":{"tag":"1.3.0","author":"nhrrob","date":"2026-01-30 09:40:47"},"1.3.1":{"tag":"1.3.1","author":"nhrrob","date":"2026-02-07 08:30:08"}},"upgrade_notice":{"1.0.0":"<ul>\n<li>This is the initial release. Feel free to share any feature request at the plugin support forum page.<\/li>\n<\/ul>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3431204,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3431204,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3436910,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3436910,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.1.0","1.2.0","1.3.0","1.3.1"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3410319,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3434007,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3435758,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3436910,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3436910,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3435758,"resolution":"6","location":"assets","locale":""},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3436910,"resolution":"7","location":"assets","locale":""},"screenshot-8.png":{"filename":"screenshot-8.png","revision":3436910,"resolution":"8","location":"assets","locale":""},"screenshot-9.png":{"filename":"screenshot-9.png","revision":3436910,"resolution":"9","location":"assets","locale":""}},"screenshots":{"1":"Failed login attempts are blocked.","2":"Custom login page.","3":"Debug log is hidden.","4":"Modern React-powered settings page.","5":"Modern React-powered settings page - part 2.","6":"2FA setup in user profile.","7":"2FA setup in user profile - Email OTP.","8":"2FA setup in user profile - Recovery codes.","9":"Dark mode support."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[9211,17813,89336,15756,600],"plugin_category":[38,54,59],"plugin_contributors":[199134],"plugin_business_model":[],"class_list":["post-258904","plugin","type-plugin","status-publish","hentry","plugin_tags-2fa","plugin_tags-debug-log","plugin_tags-hide-admin","plugin_tags-login-protection","plugin_tags-security","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_category-utilities-and-tools","plugin_contributors-nhrrob","plugin_committers-nhrrob"],"banners":{"banner":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/banner-772x250.png?rev=3436910","banner_2x":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/banner-1544x500.png?rev=3436910","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/icon-128x128.png?rev=3431204","icon_2x":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/icon-256x256.png?rev=3431204","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/screenshot-1.png?rev=3410319","caption":"Failed login attempts are blocked."},{"src":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/screenshot-2.png?rev=3434007","caption":"Custom login page."},{"src":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/screenshot-3.png?rev=3435758","caption":"Debug log is hidden."},{"src":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/screenshot-4.png?rev=3436910","caption":"Modern React-powered settings page."},{"src":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/screenshot-5.png?rev=3436910","caption":"Modern React-powered settings page - part 2."},{"src":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/screenshot-6.png?rev=3435758","caption":"2FA setup in user profile."},{"src":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/screenshot-7.png?rev=3436910","caption":"2FA setup in user profile - Email OTP."},{"src":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/screenshot-8.png?rev=3436910","caption":"2FA setup in user profile - Recovery codes."},{"src":"https:\/\/ps.w.org\/nhrrob-secure\/assets\/screenshot-9.png?rev=3436910","caption":"Dark mode support."}],"raw_content":"<!--section=description-->\n<p>Keep your WordPress site safe with minimal effort. NHR Secure helps you:<\/p>\n\n<ul>\n<li>Hide or protect your admin area from unauthorized access.<\/li>\n<li>Limit login attempts to prevent brute-force attacks.<\/li>\n<li>Hide debug logs to prevent sensitive information disclosure.<\/li>\n<li>Add 2FA to your WordPress site.<\/li>\n<li>Scan core files, plugins, and themes for known vulnerabilities.<\/li>\n<li>Monitor site health with one-click security recommendations.<\/li>\n<li>Protect against SQL injection, XSS, and LFI attacks.<\/li>\n<li>Block malicious IPs and entire countries.<\/li>\n<\/ul>\n\n<h3><strong>Features at a glance:<\/strong><\/h3>\n\n<h3>\ud83d\udd12 Limit Login Attempts<\/h3>\n\n<p>Stop brute-force attacks by temporarily blocking IPs after repeated failed login attempts.\n- Configurable attempt limit (1-20, default: 5)\n- Blocks based on IP + Username combination\n- Auto-unblock after 2 hours<\/p>\n\n<h3>\ud83d\udd10 Custom Login Page<\/h3>\n\n<p>Hide wp-login.php and use a custom login URL.\n- Default custom URL: <code>\/hidden-access-52w<\/code>\n- Blocks direct access to wp-login.php and wp-admin for guests<\/p>\n\n<h3>\ud83d\udee1\ufe0f Protect Debug Log File<\/h3>\n\n<p>Blocks direct access to <code>\/wp-content\/debug.log<\/code>\n- Returns 403 Forbidden for all users<\/p>\n\n<h3>\u2699\ufe0f Modern Settings Page<\/h3>\n\n<p>Configure everything from a beautiful React-powered interface.\n- Located under <strong>Tools \u2192 NHR Secure<\/strong>\n- <strong>Dark Mode<\/strong> support for comfortable viewing\n- Enable\/disable each feature<\/p>\n\n<h3>\ud83d\udd10 Two-Factor Authentication (2FA)<\/h3>\n\n<p>Enable two-factor authentication for users.\n- Support for <strong>Authenticator Apps<\/strong> and <strong>Email OTP<\/strong>\n- <strong>Enforce 2FA<\/strong> for specific user roles (e.g., Administrators)\n- <strong>Recovery Codes<\/strong> for emergency access\n- QR code setup for Authenticator Apps<\/p>\n\n<h3>\ud83d\udee1\ufe0f Vulnerability Checker<\/h3>\n\n<p>Automatically scan your installed plugins, themes, and WordPress core against a known vulnerability database.\n- Daily automatic scans\n- Alerts for critical security issues\n- Check file integrity<\/p>\n\n<h3>\ud83d\udda5\ufe0f User Session Management<\/h3>\n\n<p>Monitor and control active user sessions to prevent unauthorized access.\n- <strong>View Active Sessions:<\/strong> See IP, location, device, and login time for all logged-in users.\n- <strong>Remote Logout:<\/strong> Instantly log out suspicious sessions or all other devices.\n- <strong>Idle Timeout:<\/strong> Automatically log out inactive users after a set period.<\/p>\n\n<h3>\ud83e\uddf1 Hardening &amp; Firewall<\/h3>\n\n<p>Essential security hardening to lock down your WordPress site.\n- <strong>Disable XML-RPC:<\/strong> Prevent remote attacks and brute-force attempts.\n- <strong>Disable File Editor:<\/strong> Stop file modifications from the dashboard.\n- <strong>Hide WP Version:<\/strong> Obscure your WordPress version from attackers.\n- <strong>Block User-Agents:<\/strong> Prevent bad bots and scrapers from accessing your site.\n- <strong>Disable User Enumeration:<\/strong> Stop attackers from harvesting usernames via REST API.<\/p>\n\n<h3>\ud83d\udcdd Activity Audit Log<\/h3>\n\n<p>Keep a record of important security events on your site.\n- Tracks logins, failed attempts, file changes, and settings updates.\n- View user, IP, and event details.\n- Configurable log retention policy.<\/p>\n\n<h3>\ud83c\udfe5 Security Health Check &amp; One-Click Secure<\/h3>\n\n<p>Get an instant overview of your site's security posture.\n- <strong>Security Score:<\/strong> View your overall protection percentage and grade (A+ to F).\n- <strong>Health Dashboard:<\/strong> See which security features are active and which need attention.\n- <strong>One-Click Secure:<\/strong> Apply recommended security settings instantly.\n- <strong>11 Security Checks:<\/strong> Comprehensive analysis of your security status.<\/p>\n\n<h3>\ud83d\udee1\ufe0f Advanced Firewall (IPS)<\/h3>\n\n<p>Proactive intrusion prevention system that blocks malicious requests in real-time.\n- <strong>SQL Injection Protection:<\/strong> Detect and block SQLi attacks automatically.\n- <strong>XSS Prevention:<\/strong> Stop cross-site scripting attempts.\n- <strong>LFI Protection:<\/strong> Prevent local file inclusion attacks.\n- <strong>Pattern Matching:<\/strong> Advanced regex-based detection for common attack vectors.\n- <strong>Automatic Blocking:<\/strong> Suspicious requests are blocked before they reach WordPress.<\/p>\n\n<h3>\ud83c\udf0d IP &amp; Country Management<\/h3>\n\n<p>Control access to your site with granular IP and geographic filtering.\n- <strong>IP Whitelist:<\/strong> Allow trusted IPs to bypass all security filters.\n- <strong>IP Blacklist:<\/strong> Block malicious IPs permanently from your site.\n- <strong>CIDR Support:<\/strong> Use CIDR notation for blocking entire IP ranges (e.g., 192.168.1.0\/24).\n- <strong>Country Blocking:<\/strong> Block access from 90+ countries using GeoIP lookup.\n- <strong>Smart Caching:<\/strong> GeoIP lookups are cached for 24 hours for optimal performance.\n- <strong>Private IP Detection:<\/strong> Automatically skip local\/private IPs.<\/p>\n\n<h3>\u26a1 Lightweight &amp; Minimal<\/h3>\n\n<p>Designed to deliver maximum security with minimal code. No bloat, no complexity.\n- Compatible with most WordPress themes and plugins.<\/p>\n\n<h3>External Services<\/h3>\n\n<p>This plugin utilizes the <a href=\"https:\/\/wpvulnerability.com\/\">WPVulnerability<\/a> API to check for vulnerabilities.\n- <strong>Service:<\/strong> WPVulnerability\n- <strong>Data:<\/strong> Only plugin slugs and versions are sent. No personal data is collected.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>nhrrob-secure<\/code> plugin folder to your <code>\/wp-content\/plugins\/<\/code> directory.<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n<li>Navigate to <strong>Tools \u2192 NHR Secure<\/strong> to configure settings.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20do%20i%20access%20the%20settings%20page%3F\"><h3>How do I access the settings page?<\/h3><\/dt>\n<dd><p>Navigate to <strong>Tools \u2192 NHR Secure<\/strong> in your WordPress admin dashboard.<\/p><\/dd>\n<dt id=\"does%20it%20limit%20login%20attempts%3F\"><h3>Does it limit login attempts?<\/h3><\/dt>\n<dd><p>Yes. Repeated failed login attempts from the same IP will be temporarily blocked to prevent brute-force attacks. You can configure the limit (1-20 attempts) from the settings page.<\/p><\/dd>\n<dt id=\"what%20is%20the%20default%20custom%20login%20url%3F\"><h3>What is the default custom login URL?<\/h3><\/dt>\n<dd><p>The default custom login URL is <code>\/hidden-access-52w<\/code>. You can change this in the settings page under Tools \u2192 NHR Secure.<\/p><\/dd>\n<dt id=\"how%20does%202fa%20work%3F\"><h3>How does 2FA work?<\/h3><\/dt>\n<dd><p>2FA (Two-Factor Authentication) adds an extra layer of security to your WordPress site. When enabled, users must enter a code from their 2FA app (e.g., Google Authenticator, Authy) in addition to their username and password to log in.<\/p><\/dd>\n<dt id=\"can%20i%20disable%20specific%20features%3F\"><h3>Can I disable specific features?<\/h3><\/dt>\n<dd><p>Yes. You can enable or disable each feature from the settings page under Tools \u2192 NHR Secure.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.3.1 - 07\/02\/2026<\/h4>\n\n<ul>\n<li>Fixed: Forced logout issue for 2FA users<\/li>\n<\/ul>\n\n<h4>1.3.0 - 28\/01\/2026<\/h4>\n\n<ul>\n<li>Added: Security Health Check with scoring system (A+ to F grade)<\/li>\n<li>Added: One-Click Secure feature to apply recommended settings instantly<\/li>\n<li>Added: Advanced Firewall (IPS) with real-time protection against SQL Injection, XSS, and LFI attacks<\/li>\n<li>Added: IP Management with Whitelist and Blacklist (CIDR support)<\/li>\n<li>Added: Country Blocking for 90+ countries using GeoIP lookup with caching<\/li>\n<li>Improved: Dark mode styling for all components<\/li>\n<li>Improved: Overall security dashboard UI\/UX<\/li>\n<\/ul>\n\n<h4>1.2.0 - 17\/01\/2026<\/h4>\n\n<ul>\n<li>Added: User Session Management (View active sessions, remote logout, idle timeout)<\/li>\n<li>Added: Hardening &amp; Firewall (Disable XML-RPC, File Editor, Version Hiding, User Enumeration)<\/li>\n<li>Added: User-Agent Blocking<\/li>\n<li>Added: Audit Logs for security events<\/li>\n<li>Fixed: Dark mode improvements<\/li>\n<li>Improved: UI enhancements<\/li>\n<\/ul>\n\n<h4>1.1.0 - 13\/01\/2026<\/h4>\n\n<ul>\n<li>Added: Vulnerability Checker<\/li>\n<li>Added: File Scanner to check file integrity<\/li>\n<li>Improved: UI for scan results<\/li>\n<li>Few minor bug fixing &amp; improvements<\/li>\n<\/ul>\n\n<h4>1.0.6 - 11\/01\/2026<\/h4>\n\n<ul>\n<li>Fixed: Fatal error due to missing vendor files<\/li>\n<\/ul>\n\n<h4>1.0.5 - 11\/01\/2026<\/h4>\n\n<ul>\n<li>Added: Email OTP feature<\/li>\n<li>Added: Recovery codes for 2FA<\/li>\n<li>Added: Enforce 2FA for specific roles<\/li>\n<li>Added: Dark mode support<\/li>\n<li>Few minor bug fixing &amp; improvements<\/li>\n<\/ul>\n\n<h4>1.0.4 - 09\/01\/2026<\/h4>\n\n<ul>\n<li>Added: Modern React-powered settings page under Tools \u2192 NHR Secure<\/li>\n<li>Added: Enable\/disable all features from admin interface<\/li>\n<li>Added: Configurable login attempts limit (1-20)<\/li>\n<li>Added: Customizable login page URL from settings<\/li>\n<li>Added: Two-factor authentication (2FA) feature<\/li>\n<\/ul>\n\n<h4>1.0.3 - 05\/01\/2026<\/h4>\n\n<ul>\n<li>Added: Custom login page.<\/li>\n<li>Added: Hide debug log.<\/li>\n<\/ul>\n\n<h4>1.0.2 - 04\/12\/2025<\/h4>\n\n<ul>\n<li>Initial release. Cheers!!<\/li>\n<li>Added plugin assets (icons, banners &amp; screenshot).<\/li>\n<li>Fixed fatal error related to function name.<\/li>\n<\/ul>\n\n<h4>1.0.1 - 30\/11\/2025<\/h4>\n\n<ul>\n<li>Few minor bug fixing &amp; improvements<\/li>\n<\/ul>\n\n<h4>1.0.0 - 23\/10\/2025<\/h4>\n\n<ul>\n<li>Initial beta release. Cheers!<\/li>\n<\/ul>","raw_excerpt":"A lightweight WordPress security plugin to protect your admin area with a custom login URL, hide debug logs, limit login attempts, and add 2FA.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/258904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=258904"}],"author":[{"embeddable":true,"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/nhrrob"}],"wp:attachment":[{"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=258904"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=258904"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=258904"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=258904"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=258904"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/sna.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=258904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}